d27e0ef50747340368a6b4a9244381fb34f1ab9778aa0c13a15c6dd4569b6173 | Triage

Sharing

General

Target

d27e0ef50747340368a6b4a9244381fb34f1ab9778aa0c13a15c6dd4569b6173
Size

328KB
Sample

221123-p9xl7agd8x
MD5

a7aba4296e0f4cc12ec37491d623ab37
SHA1

ed15724056ab1d40053d82ac937f7e7d5489dd1d
SHA256

d27e0ef50747340368a6b4a9244381fb34f1ab9778aa0c13a15c6dd4569b6173
SHA512

3c7185050f3229114f40bc3938f9c836aa3e4644e99e550e37693a13abfca52276885c390fdc17d80575dd92c99535cf370bd7d5803eb8187446ed3c4d4b73c6
SSDEEP

6144:+ICHmBqlcHgSSrWr/mL+YcXMIe5EC6t+jqBEm2mSMb1dxIm33liQzMcq/rtDzB59:EHmcl0gfCr/ocXMIkgFdpHxIm33llbqD

Score

6^/10

microsoft persistence phishing

Malware Config

Targets

- Target
  
  d27e0ef50747340368a6b4a9244381fb34f1ab9778aa0c13a15c6dd4569b6173
- Size
  
  328KB
- MD5
  
  a7aba4296e0f4cc12ec37491d623ab37
- SHA1
  
  ed15724056ab1d40053d82ac937f7e7d5489dd1d
- SHA256
  
  d27e0ef50747340368a6b4a9244381fb34f1ab9778aa0c13a15c6dd4569b6173
- SHA512
  
  3c7185050f3229114f40bc3938f9c836aa3e4644e99e550e37693a13abfca52276885c390fdc17d80575dd92c99535cf370bd7d5803eb8187446ed3c4d4b73c6
- SSDEEP
  
  6144:+ICHmBqlcHgSSrWr/mL+YcXMIe5EC6t+jqBEm2mSMb1dxIm33liQzMcq/rtDzB59:EHmcl0gfCr/ocXMIkgFdpHxIm33llbqD
Score

6^/10

persistence microsoft phishing
- Adds Run key to start application
  persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

microsoftpersistencephishing